stunnel: Performance

Do you really need a hardware TLS accelerator? Check stunnel performance data below.

Data throughput ECDHE-RSA-AES128-GCM-SHA256688 MB/s5.5 Gbit/s
ECDHE-RSA-AES256-GCM-SHA384648 MB/s5.2 Gbit/s
ECDHE-RSA-AES128-SHA256244 MB/s2.0 Gbit/s
ECDHE-RSA-AES256-SHA384204 MB/s1.6 Gbit/s
DES-CBC3-SHA28 MB/s0.22 Gbit/s
New connections New session(1,2)750 connections/s
Resumed session(2)4 700 connections/s
PSK authentication(3)4 460 connections/s
Concurrent sessions Unix poll()limited by available memory(4)
Unix select()500
64-bit Windows build(5)limited by available memory
32-bit Windows build1 000
Memory usageResident Set Size (RSS)5 MB + 60 KB/connection

Performance was tested on:
  • Intel® Core™ i5-3570K CPU @ 3.40GHz
  • Ubuntu 14.10, kernel 3.18.11-031811-generic x86_64
  • OpenSSL 1.0.2a (built from source with gcc-4.9)
  • stunnel 5.16 running on a single CPU core (taskset -c 0)

(1) 2048-bit RSA certificate
(2) Negotiated encryption: ECDHE-RSA-AES256-GCM-SHA384
(3) Negotiated encryption: PSK-AES256-CBC-SHA
(4) In order to handle N concurrent connections on a Unix platform, stunnel requires nfile (ulimit -n) to be higher than 2*N, and nproc (ulimit -u) to be higher than N
(5) 64-bit Windows builds are provided with our commercial support

